A COBIT-Based Critical Asset Evaluation of Electronic Certificate Management in Central, Urban, and Rural Government Agencies: Study and Analysis

摘要

The authority for digital procurement certification in Indonesia, known as Otoritas Sertifikat Digital Pengadaan Secara Elektronik (OSD PSE), is provided by a unit at National Cyber and Crypto Agency. This is an in-demand service for many sectors that require secure electronic procurement. Our study analyzes and identifies the vulnerability of electronic certificate assets using COBIT 5.0 framework. There are four assets that are at high risk when OSD PSE services are interrupted: OSD PSE Private Key Compromise, Spamkodok Auditor Application, EJBCA Application, and Hardware Security Module. We evaluated these assets using COBIT 5's goals cascade mechanism, which is designed to achieve enterprise and IT goals and to determine domain processes. Based on our evaluation, the EDM03, APO12, APO13, and BAI06 domain processes require deeper study. Additionally, we identified 10 secondary priority processes.